4 



00 





DETERMINE DIG. 
SIGNATURE 
LIFETIME AND 
CREATION TIME 
FROM DIG. SIGN. 
CERTIFICATE DATA 




CONTACT MANGER 
TO ESTABLISH NEW 
KEY SIGNING PAIR - 
CLIENT GENERATES 

KEY PAIR AND 
SENDS PUBLIC KEY 
TO MANAGER BY 
PROTECTED DIG. 
SIGNATURE AND 
ENCRYPTED 
MESSAGE 



t 



i ' r 



34 



PROVIDE SELECTABLE 
CERTIFICATE LIFETIME AND 

PRIVATE KEY LIFETIME 
DATA FOR EACH SELECTED 
CLIENT (ON A PER CLIENT 
BASIS) 



.36 



STORE SELECTED 
DATA VALUES FOR 
EACH CLIENT IN 
CLIENT MANAGER 
DATABASE 




Yes 



VERIFY 
AUTHENTICITY OF 
CLIENT AND DATA 

FROM CLIENT 
REQUEST USING 
PKIX Part 3 



r 



42 



CLIENT GENERATES 
NEW DIGITAL 
SIGNATURE KEY 
PAIR 



r 



44 



CLIENT SENDS NEW 
DIG. SIGN. PUBLIC 
KEY PAIR TO 
MANAGER 



46 



MANAGER CREATES NEW 
DIG. SIGN. CERTIFICATE 
WITH SELECTED EXPIRY 

DATA BY ASSOCIATING 
SELECTED EXPIRY DATA 

WITH NEW KEY PAIRS 



V7_ 



48 



SEND NEW DIG. 
SIGN CERTIFICATE 
TO REQUESTING 
, CLIENT " 



.50 



£7 



WAIT FOR ANOTHER 
CLIENT REQUEST 

OR NEW SELECTION 
OF EXPIRY DATA 



FIG. 2 



DIGITAL SIGNATURE 
KEY PAIR UPDATING 



